Skip to content

Bug 41014: Update libdmg-hfsplus to drop our patch to disable OpenSSL support

Pier Angelo Vendrame requested to merge pierov/tor-browser-build:bug_41014 into main

Merge Info

Related Issues



  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Other: please explain
    • The version we're using produces bad hfs's and users are presented with a scary warning. This updated version doesn't have the same problem, so the easiest way to solve it is to switch to this version.

Issue Tracking


Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macos : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : dan, ma1, pierov, richard
    • security : ma1
    • signing : boklm, richard
    • updater : pierov
    • misc/other : pierov, richard

Change Description

When I was writing the documentation about this project, I realized that I could either document our no-openssl patch, or just update the version, since now also Mozilla has a similar patch, so I opted for the second option 🙂.

I'm not sure about backporting because I don't sign.

But it could be easily backported if needed/consistency in the signing process simplifies it.

How Tested

Built a testbuild and the project outside the container to update the artifact name on signing tools.

I haven't checked reproducibility. I've checked it only outside tor-browser-build (same machine, but at least after some minutes also in two different machines).

Additional testing: create a dmg and extract it again:

# Extract an existing dmg from the 12.5 series, it works well with all versions
./dmg iso tor-browser.dmg tor-browser.hfs
./dmg dmg tor-browser.hfs tor-browser-repack.dmg
./dmg iso tor-browser-repack.dmg tor-browser-repack.hfs
# Previous version: bad! New version: the files are the same.
cmp tor-browser.hfs tor-browser-repack.hfs
# Repack again, maybe after some minutes or even better in another machine
./dmg dmg tor-browser.hfs tor-browser-repack-repro.dmg
# Will be the same file
cmp tor-browser-repack.dmg tor-browser-repack-repro.dmg
Edited by Pier Angelo Vendrame

Merge request reports